douyin-hot-trend

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts 'scripts/get-hot-trend.js' and 'cron-job.js' utilize 'child_process.execSync' to execute other scripts within the local environment.
  • [REMOTE_CODE_EXECUTION]: A command injection vulnerability is present in 'scripts/get-hot-trend.js'. The script captures a 'limit' parameter from command-line arguments ('process.argv[2]') and interpolates it directly into a shell command string used with 'execSync' without sanitization or escaping. This allows an attacker to execute arbitrary commands by providing a malicious string as the argument.
  • [EXTERNAL_DOWNLOADS]: The scripts 'scripts/douyin.js' and 'scripts/douyin-with-cover.js' perform HTTPS network requests to 'www.douyin.com' to retrieve trending data. This represents an external network dependency managed via custom script logic.
  • [DATA_EXFILTRATION]: The file 'cron-job.js' contains a hardcoded Telegram 'chat_id' ('8428610733') and is configured to prepare and format data specifically for transmission to this external identifier.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the Douyin website (trending topic titles) without using boundary markers or performing sanitization. This presents an indirect prompt injection surface where malicious trending topics could influence the behavior of the agent during the data processing phase. The capability inventory for this surface includes the ability to execute shell commands ('execSync') and perform network operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 2, 2026, 01:04 PM